Description: The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
January 7th, 2025 (6 months ago)

Description: DNI Claims to be Selling Access to an Unidentified Business Services Industry
January 7th, 2025 (6 months ago)

CVE-2024-6515
Description:
1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ABB
Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series
Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of Special Elements in Data Query Logic, Allocation of Resources Without Limits or Throttling, Weak Password Requirements, Cross-Site Request Forgery (CSRF), Use of Weak Hash, Code Injection, PHP Remote File Inclusion, External Control of System or Configuration Setting, Insufficiently Protected Credentials, Unrestricted Upload of File with Dangerous Type, Absolute Path Traversal, Use of Default Credentials, Off-by-one Error, Use of Default Password, Session Fixation
2. RISK EVALUATION
Multiple vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX series products have been reported, which could enable an attacker to disrupt operations or execute remote code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
ABB reports the following products are affected:
ABB NEXUS Series: NEXUS-3-x <=3.08.02 (CVE-2024-6515, CVE-2024-6516, CVE-2024-6784, CVE-2024-48843, CVE-2024-48844, CVE-2024-48846, CVE-2024-48839, CVE-2024-48840, CVE-2024-51541, CVE-2024-51542, CVE-2024-51543, CVE-2024-51544, CVE-2024-51545, CVE-2024-51546, CVE-2024-51548, CVE-2024-51549, CVE-2024-51550, CVE-202...
CVSS: HIGH (8.7) EPSS Score: 0.04%
January 7th, 2025 (6 months ago)

Description: CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products
ICSA-25-007-02 Nedap Librix Ecoreader
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
January 7th, 2025 (6 months ago)

Description: On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...]
January 7th, 2025 (6 months ago)

Description: miyako is Allegedly Selling Access to an Unidentified City Government in Germany
January 7th, 2025 (6 months ago)

Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
January 7th, 2025 (6 months ago)

Description: Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...]
January 7th, 2025 (6 months ago)

Description: Impact
Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes.
Patches
matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed.
Workarounds
N/A
References
Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg
https://github.com/advisories/GHSA-r5vf-wf4h-82gg
January 7th, 2025 (6 months ago)

Description: Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices.
"The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard
January 7th, 2025 (6 months ago)